Customer details sold for ‘hundreds of thousands’

Former employees of Enterprise-Rent-A-Car have been convicted of conspiring to sell customer details to accident claims management companies for hundreds of thousands of pounds.

Details of tens of thousands of customers were stolen and subsequently sold to accident claims companies as part of a scheme that lasted two and a half years.

Andrew Minty, Jamie Leong and Michelle Craddock, who at various times worked for Enterprise in Cardiff or Aldershot, all pleaded guilty at Winchester Crown Court on 4 January to conspiracy to commit offences under the Data Protection Act. A fourth defendant remains wanted on a warrant.

Minty was fined £7,500 while Leong and Craddock were given 12-month conditional discharges and ordered to pay £3,000 and £1,200 in prosecution costs respectively.

The proceedings were brought by the Information Commissioner’s Office, while Enterprise-Rent-A-Car has previously issued civil proceedings against the defendants which resulted in them paying the company £400,000 in civil compensation.

Steve Eckersley, ICO head of enforcement, said, ‘Car rental companies have details of drivers who have been in a road accident and need to hire a vehicle while theirs is out of action. These details are valuable leads to companies which make money from encouraging accident victims to make claims.

‘This prosecution was the result of an ICO investigation brought about after Enterprise found out what was happening. These individuals had a long running agreement to abuse the trust placed in them to look after precious personal details. The problem of data thieves trading personal information is very concerning and one we’re cracking down on.’

Meanwhile, a spokesperson for Enterprise Holdings said, ‘In August 2011 it came to our attention that unauthorised access may have been gained to one of our rental reservation applications. As a result of this suspicion, we immediately undertook an internal investigation and informed the Information Commissioner’s Office and police authorities. At the time we also worked with those insurance partners whose data may have been compromised.

‘After uncovering the unauthorised access we worked closely with the ICO on its investigation. Following this investigation, three former Enterprise employees have been convicted for conspiring to steal customer information.

‘As a business we will not tolerate any behaviour that exposes our customers or threatens our integrity. We are prepared to pursue anyone who compromises customer data to the full extent of the law, including, if appropriate, civil proceedings.

‘Although no customer’s bank account or credit card details were compromised as a result of the unlawful activities of these former employees, we treat the theft of customer information extremely seriously.

‘We’re pleased to see that bringing this matter to the attention of the ICO and assisting it with its investigation has led to these convictions. We hope that this sends out a strong message that Enterprise will not tolerate this behaviour and will use all means at its disposal to combat the illegal accessing of customer information.

‘Enterprise continually reviews and invests in its data controls and security systems to ensure that its processes are robust in light of the continuing threat from companies and individuals who actively target the employees of car rental companies to purchase data illegally.’